#VU104791 Integer underflow in Linux kernel - CVE-2022-49611

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104791

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49611

CWE-ID: CWE-191

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the SYM_INNER_LABEL() function in arch/x86/kvm/vmx/vmenter.S, within the spectre_v2_select_mitigation() function in arch/x86/kernel/cpu/bugs.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/17a9fc4a7b91f8599223631bb6ae6416bc0de1c0
https://git.kernel.org/stable/c/3d323b99ff5c8c57005184056d65f6af5b0479d8
https://git.kernel.org/stable/c/4d7f72b6e1bc630bec7e4cd51814bc2b092bf153
https://git.kernel.org/stable/c/8c38306e2e9257af4af2819aa287a4711ff36329
https://git.kernel.org/stable/c/8d5cff499a6d740c91ff37963907e0e983c37f0f
https://git.kernel.org/stable/c/9756bba28470722dacb79ffce554336dd1f6a6cd
https://git.kernel.org/stable/c/f744b88dfc201bf8092833ec70b23c720188b527

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Integer underflow in Linux kernel include asm